Hi Manny, Check this out: ================================ Security Guy Junior Member Member # 8528 Rate Member <http://forums.isaserver.org/ultimatebb.cgi?ubb=get_profile;u=00008528> posted September 07, 2002 02:36 AM <http://forums.isaserver.org/ultimatebb.cgi?ubb=get_profile;u=00008528> <http://forums.isaserver.org/ultimatebb.cgi?ubb=edit_post;f=13;t=000434; reply_num=000067;u=00008528> <http://forums.isaserver.org/ultimatebb.cgi?ubb=reply;f=13;t=000434;repl yto=000067> _____ WO0 HO0!! It's working!! Let me tell you guys this: - it has nothing to do IP Fragement Filtering. - it probably has nothing to do with the extra protocol definitions created from the .vbs script. - all you need to do at ISA's side is to create protocol definitions for UDP port 500 and UDP port 10001 (or whatever your Contivity's NAT Traversal's port is configured to use) This is what you need to do at the Contivity Switch (we have model CES2600D): 1. On the configuration page's left side, click on "Services", then "IPSEC". Toward the middle of page is the setting "NAT Traversal". Check to have it enabled and set it on port 10001. 2. Once the above step is done, go to "Profiles", then "Groups". Under a designated group where you want NAT Traversal enabled, click on "Edit." Under the section "IPSEC", click on "Configure." At the very bottom of the page, make sure "Auto-Detect NAT" is selected. Keep the "NAT Keepalive" setting at 18 seconds. ** very important ** Our Contivity switch is running with one of the newest firmware, v04_05.024. I used the newest Nortel Extranet Access Client software, v4.65. There are no changes on ISA other than defined protocol definition for UDP port 500 and 10001. Nothing was changed in the packet filter section, I still restrict direct PING to my firewall. I can only say I'm a happy camper now, no longer need to lug my laptop from work to get to corporate's VPN. ============================ HTH, Thomas W Shinder www.isaserver.org/shinder http://tinyurl.com/1jq1 http://tinyurl.com/1llp -----Original Message----- From: Manny Perez [mailto:Manny@xxxxxxxxxxxx] Sent: Thursday, January 16, 2003 1:54 PM To: [ISAserver.org Discussion List] Subject: [isalist] Nortel VPN client 4.65 http://www.ISAserver.org Hi, Has anyone had much success setting this up. I can not get it to work. Any help would be much appreciated. Thanks, Manny Perez ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')